Ensuring that all your Oracle Databases are securely configured is a must in today’s world. This applies whether you are developing a new application, spinning up a new database in your network or in the cloud, or moving an existing database to the cloud. System misconfigurations as well as insufficient control of privileged user accounts are two of the leading causes of data breaches.
The security assessment and user assessment capabilities of Oracle Data Safe help to automate these tasks so that you can focus on remediation or creating compensating security controls. However, until now, this information was available only on a per database level, which is fine if you have just a few databases. But, if you, like many of our customers, have dozens or hundreds of databases, you really need a fleet-wide view into the overall health and security of your databases. In addition, customers have been asking us for the ability to be proactively notified about changes so they could act immediately.
We are happy to announce that with the latest update of Data Safe, we are now introducing a fleet-wide view of potential risks across all databases and multiple additional enhancements to centrally manage their security posture.
Fleet-wide view of database configuration risks
You can now get an immediate overview of all risk findings across the databases in your landscape and how many databases have high, medium, or low risks.
From here, you can quickly drill down into any risk level to see which specific risks were identified, which databases are impacted by each risk and even recommendations on how to improve database security.
If you click on a database name, you get further details of the risk in that database.
Identify highly privileged user accounts across your database fleet
Data Safe examines database users across the entire fleet to detect which database accounts might present the most significant risk to data security if they were compromised or if the user/account went rogue. Knowing this information allows you to evaluate the privileges granted to those accounts and also consider if compensating controls, like user activity auditing, might be necessary.
With the latest Data Safe update, you can now get an immediate overview of the risk levels represented by the database users across your databases. You can see how many users pose a potential critical, high, medium, or low risk to data security. You can also see how many (and which) users across your fleet have privileged roles, when they last changed their password, and when they last logged in.
And when you drill down into any of the specific users, you can review the roles and privileges granted to a user or examine their database activity.
Identify when user accounts or entitlements have changed
Like the security assessment capability, Data Safe customers now have the option to set a baseline for existing user accounts and their associated privileges. Every new user assessment is then compared to this configured baseline, allowing you to easily identify and classify any newly added users and their respective privileges, as well as any entitlement changes for existing user accounts.
Get notified when your security configurations or user entitlements have changed
With the introduction of Data Safe events in the Oracle Cloud Infrastructure console, you can now simply subscribe to any of these events to get a notification. Receive a notification when a new security assessment or user assessment is available or, even better, when the security configuration or user accounts and entitlements were changed. No need to manually check all databases, all the time.
Automated assessments
In addition to a fleet-wide view and new notifications, Data Safe automatically schedules weekly security and user assessments. This was already available for all Autonomous Databases registered in Data Safe, but has now been extended to all registered databases. And you can, of course, update the schedule as necessary to your preferred schedule (daily, weekly or monthly).
REST API support
We have also made all assessment features available as REST APIs, so you can include them in any scripts you may have or integrate them with other management or monitoring solutions. These new APIs complement the list of Data Safe REST APIs that we continuously extend.
Easily manage the security posture of your database fleet
With the new fleet-wide overview of configuration risks and highly privileged users as well as the new notification options for changes, you can now let Data Safe do the bulk of the work for you so you can focus on the databases that really need your attention.
References
Visit Oracle Data Safe to learn more about Data Safe and its features. For further Data Safe documentation, read Security Assessment and User Assessment. More information on available Data Safe events can be found here. All available Data Safe REST APIs can be found here.